Launch configuration with unencrypted block device.
Block devices should be encrypted to ensure sensitive data is held securely at rest.
Impact
The block device could be compromised and read from
Recommended Actions
Follow the appropriate remediation steps below to resolve the issue.
Turn on encryption for all block devices
1
2
3
4
5
6
7
8
9
10
11
|
Resources:
GoodExample:
Properties:
BlockDeviceMappings:
- DeviceName: root
Ebs:
Encrypted: true
ImageId: ami-123456
InstanceType: t2.small
Type: AWS::AutoScaling::LaunchConfiguration
|
Turn on encryption for all block devices
1
2
3
4
5
6
|
resource "aws_launch_configuration" "good_example" {
root_block_device {
encrypted = true
}
}
|
Links